0
votes

What is the best way to remove all members from a group in AD? The help for ldapmodify doesn't seem to support the ability to remove all members of a group.

I found an example of removing a particular dn using:

    ldapmodify -h 127.0.0.1 -D "cn=admin" -w xxxx -f modStaticGrp.ldif

Where modStaticGrp.ldif contains:

    dn: cn=group1, o=Your Company
    changetype: modify
    delete: member
    member: cn=jeff, cn=tim, o=Your Company

I would like to have a bash script with ldapmodify running a command that removes all the users in a group. What would be the best way to accomplish this?

1
This has exactly nothing to do with bash. – user207421
@hmedia1 It is perfectly clear from the LDIF supplied what the OP is and isn't trying to do. He isn't trying to delete either the group or the users. – user207421

1 Answers

1
votes

> ldapmodify doesn't seem to support the ability to remove all members of a group.

Yes it does. See man ldapmodify and man ldif. Just truncate your LDIF after the delete: member line. If no attribute values to delete are supplied, the entire attribute is deleted.
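The truncated LDIF described in this answer, wrapped in a shell script as an added example that is not part of the original answer. It assumes the OpenLDAP `ldapmodify` client; the function names and the arguments passed to them are hypothetical. The bind password is read from a file with `-y` instead of being passed with `-w`, which keeps it out of the process list.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes OpenLDAP client tools.

# Print the LDIF "dn" line for $1. RFC 2849 only allows a plain value when it
# is printable ASCII and does not start with space, ':' or '<'; a trailing
# space is also unsafe. Anything else is emitted base64-encoded as "dn:: ...".
ldif_dn_line() {
    # Count the bytes left after deleting printable ASCII (space through '~').
    _unsafe=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)
    case $1 in
        ' '*|':'*|'<'*|*' ') _unsafe=1 ;;
    esac
    if [ "$_unsafe" -gt 0 ]; then
        printf 'dn:: %s\n' "$(printf '%s' "$1" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$1"
    fi
}

# Print a modify record that deletes the whole "member" attribute of group $1.
# No "member:" value lines follow "delete: member", so every value is removed.
clear_members_ldif() {
    ldif_dn_line "$1"
    printf 'changetype: modify\n'
    printf 'delete: member\n'
    printf '%s\n' '-'    # RFC 2849 ends each modification with a "-" line
}

# usage: clear_group LDAP_URI BIND_DN PASSWORD_FILE GROUP_DN
# ldapmodify reads the LDIF from stdin when -f is not given. The password file
# should be readable only by its owner and must not end with a newline.
clear_group() {
    clear_members_ldif "$4" | ldapmodify -x -H "$1" -D "$2" -y "$3"
}

# Only talk to a server when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
    clear_group "$@"
fi
```

Running `clear_members_ldif` on its own prints the record, so it can be reviewed before it is sent to the server.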